Telechat Review of draft-ietf-taps-transports-usage-08

Request Review of draft-ietf-taps-transports-usage
Requested rev. no specific revision (document currently at 09)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2017-09-12
Requested 2017-08-31
Authors Michael Welzl, Michael Tüxen, Naeem Khademi
Draft last updated 2017-09-22
Completed reviews Genart Telechat review of -08 by Roni Even (diff)
Secdir Telechat review of -08 by Derrell Piper (diff)
Assignment Reviewer Derrell Piper
State Completed
Review review-ietf-taps-transports-usage-08-secdir-telechat-piper-2017-09-22
Reviewed rev. 08 (document currently at 09)
Review result Has Nits
Review completed: 2017-09-22


I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

The summary of the review is Ready with Nits.

Since I'm not following TAPS or most of this, I reviewed the ediff's between
-05, -06, -07, and this version -08.  There were no changes from -07, so -06
was the last relevant version.

Radia's comments from her review of -05 were succint, so I'll just quote

   This informational document contains tutorial information on the use of
   the sockets API to send and receive data over the UDP and UDP-lite
   protocols. It is apparently part of an effort to write tutorial
   descriptions of APIs to all IETF-standardized transport protocols.

   This document refers the reader to the standards for all security
   considerations. That is probably appropriate. It’s always difficult to
   decide what information to include and what to exclude in a tutorial.  I
   would have liked an explanation of how the sender knows whether to
   UDP or UDP-lite, since it doesn't look like UDP-lite would be compatible
   with something that only speaks UDP.

Section 3.4 has been expanded upon presumably to address her second point.
I'm still not sure it gives the reader enough information to choose between
all these things, but it was basically informative, even if it seems to
more questions than it answers.

Considering that this document doesn't even reference D/TLS or QUIC, I guess
it's fine for what it is, but I would have preferred more text in the
Considerations section and I guess more text overall about when these things
are useful.